<?php
// Start (or resume) the session and send any visitor without a 'login'
// session entry to the login page.
session_start();
if (isset($_SESSION['login']) === false) {
	header("Location:login.php");
	// header() does not end the script by itself; stop before the privileged code below runs.
	exit;
}
include_once('libs/db.php');
include_once('libs/access_control.php');

// Authorisation gate for this page; access_control() is provided by libs/access_control.php.
// NOTE(review): the meaning of the argument 1 is not visible in this file;
// presumably a required role or level. Confirm against the helper.
$is_allowed = access_control(1);
if (!$is_allowed) {
	header("Location:index.php");
	// Stop here so an unauthorised session never reaches the handlers below.
	exit;
}

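// Save handler: replaces every users_libros row of the posted user with the
// permissions chosen in the form (one ch_<id_libro> radio group per book).
//
// All three values that end up in the SQL text (login, book id, permission)
// come straight from the request, so each one is validated or escaped before
// it is concatenated into a statement.
// NOTE(review): ext/mysql offers no prepared statements and is removed in
// PHP 7; moving libs/db.php to mysqli or PDO with bound parameters is the
// durable fix. mysql_real_escape_string() also needs the open connection
// (presumably created by libs/db.php) and its character set to be set
// correctly. Confirm both.
// NOTE(review): this state-changing POST carries no anti-CSRF token.
if (isset($_POST['btn'])) {
	$error = false;
	if (!isset($str_error)) {
		$str_error = '';
	}

	// Validate the whole request before touching the table, so a malformed
	// request cannot delete the user's rows and then fail halfway through.
	$login = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
	if ($login === '') {
		$error = true;
	}

	$grants = array();
	foreach ($_POST as $name => $val) {
		$name = (string) $name;
		if (substr($name, 0, 3) != "ch_") {
			continue;
		}
		$idLibro = substr($name, 3);
		// The book id must be all digits, and the permission must be one of
		// the four values the form on this page offers (0, 1, 2, 3).
		if (!preg_match('/^[0-9]+\z/', $idLibro)
			|| !is_string($val)
			|| !in_array($val, array('0', '1', '2', '3'), true)) {
			$error = true;
			break;
		}
		$grants[$idLibro] = $val;
	}

	if (!$error) {
		$loginSql = mysql_real_escape_string($login);

		// NOTE(review): the DELETE and the INSERTs are not wrapped in a
		// transaction; a failing INSERT leaves the user with partial rows.
		$query = "DELETE FROM users_libros WHERE login = LOWER('{$loginSql}');";
		if (! @mysql_query($query)) $error = true;

		foreach ($grants as $idLibro => $permiso) {
			if ($error) {
				break;
			}
			// $idLibro and $permiso are digit-only after the validation above.
			$query = "INSERT INTO users_libros VALUES(LOWER('{$loginSql}'), ".$idLibro.",".$permiso.");";
			if (! @mysql_query($query)) $error = true;
		}
	}

	if ($error) {
		$str_error .= "Error al grabar permisos en la base de datos.";
		// The driver message can echo request data back, so escape it before
		// it is placed in this HTML fragment.
		// NOTE(review): showing raw database errors to the browser discloses
		// schema details; consider logging them server-side instead.
		$str_error .= "<br />".htmlspecialchars((string) mysql_error(), ENT_QUOTES, 'UTF-8');
		// Re-run the search below so the form is shown again for the same user.
		$_POST['txt_user'] = $login;
		$_POST[ 'btn_search' ] = true;
	} else {
		header('Location:index.php');
		exit;
	}
}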

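// Search handler: looks up the requested user and loads, for every active
// book type, the permission that user currently holds (0 when no row exists).
// Leaves $result (user row) and $res (permission rows) for the template below.
//
// The login comes from the request and is placed inside quoted SQL string
// literals, so it is escaped once and the escaped copy is used in both queries.
// NOTE(review): ext/mysql has no bound parameters and is removed in PHP 7;
// mysqli or PDO prepared statements are the durable fix.
// mysql_real_escape_string() relies on the open connection (presumably set
// up by libs/db.php) and its character set. Confirm both.
if (isset($_POST[ 'btn_search' ])) {
	if (!isset($str_error)) {
		$str_error = '';
	}

	// Reject array-valued input (txt_user[]=...) instead of letting it be
	// stringified into the query.
	$txtUser = (isset($_POST[ 'txt_user' ]) && is_string($_POST[ 'txt_user' ])) ? $_POST[ 'txt_user' ] : '';
	$txtUserSql = mysql_real_escape_string($txtUser);

	$query = "SELECT *
	          FROM users
	          WHERE login = LOWER('".$txtUserSql."') AND users.update_st = 0;";
	$result = @mysql_query($query);
	// A failed query yields false here, which also compares equal to 0 rows.
	if ( isset($result) && (@mysql_num_rows($result) == 0)) {
		$str_error .= "<br />NO existe el usuario buscado.";
	}

	// JOIN without an ON clause pairs the user with every tipos_libro row;
	// the LEFT JOIN then attaches the stored permission where one exists.
	$query = "
	SELECT u.login , tl.nombre , 
	        IFNULL(ul.permiso,0) permiso , tl.id_tipos_libro id_libro FROM users u 
    JOIN tipos_libro tl 
    LEFT JOIN users_libros ul on (tl.id_tipos_libro = ul.id_libro and ul.login = u.login ) 
    WHERE u.login ='{$txtUserSql}' and tl.update_st = 0; ";

	$res = @mysql_query($query);
	if ( isset($res) && (@mysql_num_rows($res) == 0)) {
		$str_error .= "<br />NO existen libros para dar permisos habilitar.";
	}

}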

?>
<html>
<head>
<script src='javascript\utils.js'></script>

<LINK href="common.css" rel="stylesheet" type="text/css">
</head>

<?php include_once('htx/header.php');?>

<form id='form_user' method=POST action='access_users_libros.php' >
<div align=center style='top:100px' >
<fieldset id='fieldset' >
<legend>Accesos de usuario por libro</legend><br />
<table id='tbl' align=center cellpadding='5' cellspacing='5'>
<tr>
	<th>Usuario: </th>
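	<th><input type='text' name='txt_user' id='txt_user' value='<?php /* The posted value is reflected into a single-quoted attribute, so it is HTML-escaped with ENT_QUOTES. NOTE(review): UTF-8 is assumed; confirm the page encoding. */ if (isset($_POST[ 'txt_user' ]) && is_string($_POST[ 'txt_user' ])) { echo htmlspecialchars($_POST[ 'txt_user' ], ENT_QUOTES, 'UTF-8'); } ?>' maxlength='30' size='20' ></th>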
	<th><button name='btn_search' class='button' onclick='this.form.submit()'><img src='images/user.png' align=center /> Buscar</button></th>
</tr>
</table>
</form>
<form id='form_data' method=POST action='access_users_libros.php' >
<table id='tbl' align=center cellpadding='5' cellspacing='5'>
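<?php
// Renders the permission form for the user found by the search handler:
// one row of four radio buttons (read / write / read+write / none) per book,
// then the submit button and a hidden field carrying the login.
//
// $result and $res are only defined when a search was submitted, so both are
// checked before fetching. Every value written into the markup comes from the
// database or from $_POST and is HTML-escaped with ENT_QUOTES because the
// attributes here are single-quoted.
// NOTE(review): 'UTF-8' is assumed for htmlspecialchars(); with a different
// page or database encoding, non-ASCII names would come out empty. Confirm.
// NOTE(review): this form changes permissions and carries no anti-CSRF
// token; a per-session token verified by the save handler should be added.

if (isset($result) && ($row = @mysql_fetch_assoc($result))) {
	echo "<tr>";

	echo "<th>Nombre:".htmlspecialchars((string) $row[ 'nombre' ], ENT_QUOTES, 'UTF-8')."</th>";
	echo "<th>Apellido:".htmlspecialchars((string) $row[ 'apellido' ], ENT_QUOTES, 'UTF-8')."</th>";
	echo "</tr>";
	while (isset($res) && ($perm = @mysql_fetch_assoc($res))) {
		// Mark the radio button that matches the stored permission
		// (0 = none, 1 = read, 2 = write, 3 = read and write, per the labels below).
		$checked = array();
		foreach (array(0, 1, 2, 3) as $valor) {
			$checked[$valor] = ($perm['permiso'] == $valor) ? "checked" : "";
		}

		$idLibro = htmlspecialchars((string) $perm['id_libro'], ENT_QUOTES, 'UTF-8');

		echo "<tr>";
		echo "<th colspan=2 >Libro de ".htmlspecialchars((string) $perm[ 'nombre' ], ENT_QUOTES, 'UTF-8')." , lo puede leer ";
		echo "<input type='radio' name='ch_".$idLibro."' ".$checked[1]." value='1'/>&nbsp;&nbsp;";
		echo " , lo puede escribir ";
		echo "<input type='radio' name='ch_".$idLibro."' ".$checked[2]." value='2' />&nbsp;&nbsp;";
		echo " , o leer y escribir ";
		echo "<input type='radio' name='ch_".$idLibro."' ".$checked[3]." value='3' />&nbsp;&nbsp;";
		echo " , o nada ";
		echo "<input type='radio' name='ch_".$idLibro."' ".$checked[0]." value='0' />&nbsp;&nbsp;";
		echo "</th>";
		echo "</tr>";
	}

	echo "<tr>";
	echo "<th colspan=2 ><button name='btn' class='button' onclick='this.form.submit()'><img src='images/user_32.png' align=center />Habilitar permisos</button></th>";
	echo "</tr>";
	// The login is echoed back from the request; escape it so a quote in the
	// value cannot close the attribute.
	$usuario = (isset($_POST['txt_user']) && is_string($_POST['txt_user'])) ? $_POST['txt_user'] : '';
	echo "<input type='hidden' name='user' value='".htmlspecialchars($usuario, ENT_QUOTES, 'UTF-8')."' />";
}
?>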
</table></fieldset>
</form>
</body>
</html>	